Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction  Trinity guest network project objective  College wireless network overview  Public wireless/hospitality internet access  Guest network.

Published bySherman Anthony Modified over 8 years ago

Similar presentations

Presentation on theme: "Introduction  Trinity guest network project objective  College wireless network overview  Public wireless/hospitality internet access  Guest network."— Presentation transcript:

1 Introduction  Trinity guest network project objective  College wireless network overview  Public wireless/hospitality internet access  Guest network access challenges  Guest access solution  IP3 NetAccess subscriber gateway  Outcomes and future developments

2 Trinity Guest Network Project  Objective: To facilitate the connection of short stay authorized Guests to the College data wireless (mandatory) and wired (desirable) network.  Examples of authorised Guests: - Conference delegates - Visiting academics and Library readers - VIPs, sales representatives, contractors - Summer accommodation visitors

3 College wireless network overview  Size and locations –750 users last academic year –Approx 145 APs in 50 locations, main Campus, St James, Dartry, D’Olier Street, Foster Place/College Green complex

4 College wireless network overview (cont)  Enterprise class based on Cisco Structured Wireless Aware Network (SWAN).  Secure –802.1X/EAP authentication via Radius/AD –Dynamic 128bit encryption –MAC address registration –VLAN’ed  Clients –802.1X compatible –College AD domain, OS patches, AV, high support  Internet connectivity limited, LAN based services available

5 Public wireless hotspots/Hospitality Guest Internet access  Low security  Any wireless client adapter will connect  Little wireless client configuration to connect  Full or almost full internet access  Connection established using a prepaid access code or credit card via a web based login portal  Connectivity and session management is usually controlled by a wireless gateway device providing a reliable controlled connection

6 Guest network access challenge  To provide an reliable network service to guests with the following characteristics –Low client configuration –Access code/portal authentication –Compatibility for most hardware and software types –Low user support requirements –Feature rich in terms of internet availability  Benefit from existing extensive infrastructure  Protect College’s other data networks and reputation from intentional/unintentional misuse of guest network

7 Guest access solution  Provide public wireless hotspot/hospitality type connectivity features using the existing campus network infrastructure  This is achieved by “overlaying” a Guest enabled network on the existing campus network using VLAN technology and an internet gateway device  A number of internet gateway devices were evaluated

8 Devices evaluated:  Bluesocket WG5000 wireless gateway (August 2004). www.bluesocket.com  Cisco Building Broadband Services Manager (BBSM) ver 5.3. (May 2005). www.cisco.com  IP3 NetAccess NA1500 internet gateway (July 2005). www.ip3networks.com www.ip3networks.com

9 Primary evaluation criteria:  VLAN based guest client discovery*.  Ability to generate its own access codes to facilitate Guest authentication*.  Session and bandwidth control, logging and accounting.  Ease of integration with existing campus network infrastructure, must support min. 1000+ users.  Customisable login portals, DHCP (NAT/PAT),SMTP, support for RADIUS authentication.

10 Evaluation Outcome: Bluesocket WG 5000 Cisco BBSM 5.3 IP3 NA1500 NetAccess VLAN based client discovery* YESNOYES Ability to generate own access codes* NOYESYES All other features YESYESYES

11 IP3 Enterprise Network Firewall Guest overlay architecture Wired Guest (VLAN 14) Wired Staff/Student etc Wireless Guest (VLAN 14), Authentication: OPEN Wireless Staff/Student Authentication 802.1X/EAP Internet IDS appliance

12 IP3 NetAccess subscriber gateway Access Control, Billing, and Subscriber Management Solution  Flash-based Network Appliance  802.1Q VLAN support.  Internal Access Code Generation & Authentication  Custom Login Portals.  Integrated DHCP, Firewall, & Web Servers  RADIUS AAA support  Supports VPN Pass-Through.

13 1. Guest connects to wired/wireless network, (SSID: TCDguest) 2. Guest client obtains DHCP assigned private IP address, opens Web browser, IP3 redirects to custom login screen. 3. Guest enters guest access code 4. IP3 provides authentication & accounting 5. IP3 manages bandwidth, access code duration. IP3 NetAccess manages Guest Internet Connections Internet, E-mail, VPN, etc. IP3 NetAccess

14 Portal groups:  Combination of the following: –Assigned (Guest) VLAN –Assigned (customised) login portal –Payment method (access code) –Product (eg 512K bandwidth)

15 Portal Groups

16 Portal groups cont’d

17 Portal Groups – VLAN’s

18 Portal Groups – Login portal

19 Portal Groups – login portal

20 Portal Groups – Payment methods

21 Portal groups - Products

22 Portal Groups – Products contd

23 Access codes - overview:  Created using access code generator.  Codes may be valid between a fixed start/end date or allow a one-off session from time of activation.  The generated access codes can be exported from the IP3 appliance in.CSV format.  The exported codes are then merged with a customised TCD access code token template before printing.  Codes are printed from a standard LaserJet colour printer using Avery business card labels.

24 Access codes - generation

25 Access codes generation - contd

26 Access codes - tokens

27 Outcomes  Over 500 guest users have been facilitated since the system was rolled out in August 2005 –First trial end July, Maths Lattice conference (55) –Production end Aug, Eurographics 2005 (>200) –Sept., BA conference (BA press users fallback) –Sept., EDNO, Maths, Nursing Studies –many individual requests

28 Outcomes (cont) I wanted to say that the wireless access in the printing house worked flawlessly yesterday. Our international evaluation panel and the SFI and IDA minders plugged in, retrieved their e-mail and I think this helped enormously in getting across an image of a professional organization with it's act together. One of the panellists from a University in the South of England commented that he'd never be able to get this kind of service in his home University!. So the day was a big success from our point of view..Thanks Again,

29 Future Developments  There has been much interest from the College community in this new service, strong demand is anticipated during 05/06 academic year  Automate process of distributing access codes  Using other authentication methods and additional VLAN’s to provide: – Quarantine/basic services network – PDA and handhelds – Facilitate Eduroam visitors

Download ppt "Introduction  Trinity guest network project objective  College wireless network overview  Public wireless/hospitality internet access  Guest network."

Similar presentations

Inter WISP WLAN roaming

Inter WISP WLAN roaming
Designing for Pervasive Network Security. Designing for Security Our aim in this section will be to concentrate on how campus Networks can be designed.

Designing for Pervasive Network Security. Designing for Security Our aim in this section will be to concentrate on how campus Networks can be designed.
Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.

Authenticating Users. Objectives Explain why authentication is a critical aspect of network security Explain why firewalls authenticate and how they identify.
SMC2804WBRP-G Barricade™ g 2.4GHz 54Mbps Wireless Cable/DSL Broadband Router with USB Print Server SMC2804WBRP-G www.smc.com.

SMC2804WBRP-G Barricade™ g 2.4GHz 54Mbps Wireless Cable/DSL Broadband Router with USB Print Server SMC2804WBRP-G
Terena Mobility Taskforce update Klaas Wierenga SURFnet.

Terena Mobility Taskforce update Klaas Wierenga SURFnet.
1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.

1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Adaptive Trust Security Policies for Today’s Enterprise Mobility Pete Ryan – ClearPass.

CONFIDENTIAL © Copyright Aruba Networks, Inc. All rights reserved Adaptive Trust Security Policies for Today’s Enterprise Mobility Pete Ryan – ClearPass.
Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.

Security that is... Ergonomic, Economical and Efficient! In every way! Stonesoft SSL VPN SSL VPN.
TF Mobility Group 22nd September 20031 A comparison of each national solution was made against Del C – “requirements”, the following solutions were assessed.

TF Mobility Group 22nd September A comparison of each national solution was made against Del C – “requirements”, the following solutions were assessed.
Hotspot Express Product Presentation

Hotspot Express Product Presentation
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.

Nada Abdulla Ahmed.  SmoothWall Express is an open source firewall distribution based on the GNU/Linux operating system. Designed for ease of use, SmoothWall.
The Remote Workplace Designing, deploying, and supporting the remote workplace environment Presented by: John Milhoan Information Technology Cooperative,

The Remote Workplace Designing, deploying, and supporting the remote workplace environment Presented by: John Milhoan Information Technology Cooperative,
Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference 2006 9 th November, 2006.

Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference th November, 2006.
Secure Computing Network

Secure Computing Network
Securing Remote Network Access FirePass ®. Business Case VirginiaCORIS is an initiative to modernize the way that offender information is managed, to.

Securing Remote Network Access FirePass ®. Business Case VirginiaCORIS is an initiative to modernize the way that offender information is managed, to.
Hotspot Express $ One of the Pioneers of complete WiFi solutions in India $ Hardware to create HOTSPOTs  Software to secure HOTSPOTs & Manage the users.

Hotspot Express $ One of the Pioneers of complete WiFi solutions in India $ Hardware to create HOTSPOTs  Software to secure HOTSPOTs & Manage the users.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Cisco NAC Guest Server Guest Access - Simplified Tim Wellborn SE Sangeeta.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 Cisco NAC Guest Server Guest Access - Simplified Tim Wellborn SE Sangeeta.
ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

ISA 3200 NETWORK SECURITY Chapter 10: Authenticating Users.

Similar presentations

Ads by Google