Dartmouth’s Wireless Network

May 16, 2005

David W. Bourque


Topics

• Background (Dartmouth’s Wireless Network pre 2005)
• Dartmouth’s Wireless Network, Where Is It Going?
• “Fat” versus “Thin” Access Points
• An Architectural Evolution
• Virtual Networks
• Client Mobility
• Securing The Wireless Network
• The Aruba Wireless Location Tool
• Managing The Wireless Network
• Questions and maybe some Answers


Background

• Campus roughly one mile square
• User population is about 6000
• Roughly 200 buildings/structures
• Campus is completely wired
• Currently over 1,000 wireless Access Points deployed
  – 300 Cisco Systems
  – 700 Aruba Wireless Networks


First Generation Deployment

• Installed over 18 months beginning in 2001
• Cisco Aironet 350 series
• Approximately 500 APs installed
• Approximately 2200 active users per day
• Dartmouth’s wireless network named “Kiewit Wireless”


Dartmouth’s Wireless Network, Where Is It Going?

• Removing all of the existing Cisco 350
  – “Fat” access points
• Installing Aruba Wireless Networks
  – “Thin” access points
  – Approximately 1400 devices at project completion
• Current status
  – Over 700 Aruba access points installed
  – 85 buildings have been upgraded


“Fat” versus “Thin” Access Points

• Cisco Systems “Fat” access points
  – 802.11b, 2.4 GHz, 11 Mbps data rate
  – Managed individually
  – All network decisions made at the access point
  – Hundreds of configuration files
  – Can operate as an independent stand-alone device
• Aruba Networks “Thin” access points
  – 802.11b, 2.4 GHz, 11 Mbps data rate
  – 802.11g, 2.4 GHz, 54 Mbps data rate
  – 802.11a, 5.8 GHz, 54 Mbps data rate
  – Managed from a central tool, the “aruba master”
  – Network decisions made at a central tool
  – One “master” configuration file
  – Requires network connectivity to “aruba master” to operate


Architectural Evolution

[Figure: “Fat” Access Points, “Thin” Access Points and Centralized WLAN Systems, with the labels Media Access, 802.11b Radio, 802.11a radio, 802.11n radio, Policy, Mobility, Forwarding, Encryption, Authentication, Management, Diagnostics, Calibration, Monitoring, Enforcement, Location]


Next Generation Wireless & Virtual Networks

• Increase AP density and thus bandwidth
  – Reduce or eliminate weak client pulling down others
  – Load balance associations in high client areas
• Develop three “Virtual” wireless layers
  – Kiewit Wireless
    • Expand for general purpose bandwidth
  – Kiewit Voice
    • Developed for wireless VoIP devices
  – Kiewit Video
    • Developed for streaming video and latency sensitive services
• Kiewit Wireless and Kiewit Voice
  – Build for mobility


Client Mobility

• What does it mean?
  – Seamless movement from one access point to another access point within the same virtual network within the same wireless zone
  – Configuration Option:
    • Clients get to start the day with one IP address and keep it throughout the day as they move across campus


Dartmouth’s Wireless Zones


Securing The Wireless Network

• Currently “Kiewit Wireless” is full and open access
  – Will become a guest network
  – Will become restricted to off campus Internet access only through firewall and router configurations
  – Will become bandwidth limited by firewall policies
• New secure data network will become available
  – TBD name “Kiewit ?”
  – Secure through one or more of the following
    • 802.1x
    • E-Token Authentication
    • Dartmouth developed “Green Pass”
• “Kiewit Voice”
  – Not generically visible, “hidden” network name
  – Currently secure through MAC based authentication
  – Network traffic restricted through firewall and router settings to internal Dartmouth network
  – Bandwidth limited to 1 Meg
• “Kiewit Video”
  – On less popular, less crowded, less interference 802.11a band
  – Requires login through Captive Portal
  – Once authenticated full access and bandwidth


Securing The Wireless Network

• Special AP configured to only monitor “Air Monitor”
  – Allows for rapid detection of intrusions
  – Allows for more accurate client location
• Automatically defending the network against
  – Ping attacks
  – TCP SYN attacks, rate selectable
    • An attempt to keep a server busy by opening many TCP sessions
  – Bridging between wireless users
    • Ad-Hoc networking
  – IP Spoofing
    • Changing IP addresses from the same MAC address
  – Man In The Middle
    • Pretending to be the “sender” or “receiver”
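
Two of the checks listed above, sketched as detection logic: a rate-selectable TCP SYN threshold, and the slide's definition of IP spoofing as changing IP addresses from the same MAC address. This is an added example, not Aruba's implementation or part of the original slides; the event tuples, thresholds and function names are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample observations (not real traffic):
# (time in seconds, source MAC, source IP, TCP flags of the segment)
MAC_A, MAC_B, MAC_C = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "02:00:00:00:00:0c"
EVENTS = [
    (0.0, MAC_A, "10.1.1.10", "SYN"), (0.1, MAC_A, "10.1.1.10", "SYN"),
    (0.2, MAC_A, "10.1.1.10", "SYN"), (0.3, MAC_A, "10.1.1.10", "SYN"),
    (0.4, MAC_A, "10.1.1.10", "SYN"),
    (0.0, MAC_B, "10.1.1.20", "SYN"), (0.05, MAC_B, "10.1.1.20", "ACK"),
    (5.0, MAC_B, "10.1.1.20", "SYN"),
    (1.0, MAC_C, "10.1.1.30", "ACK"), (2.0, MAC_C, "10.1.1.31", "ACK"),
    (3.0, MAC_C, "10.1.1.32", "ACK"),
]

def syn_rate_alerts(events, max_syns, window_s):
    """MACs that sent more than max_syns SYN segments inside any
    sliding window of window_s seconds (the 'rate selectable' knob)."""
    recent = defaultdict(deque)   # MAC -> timestamps of SYNs still in the window
    flagged = []
    for t, mac, _ip, flags in sorted(events):
        if flags != "SYN":
            continue
        q = recent[mac]
        q.append(t)
        while t - q[0] > window_s:   # drop SYNs that fell out of the window
            q.popleft()
        if len(q) > max_syns and mac not in flagged:
            flagged.append(mac)
    return flagged

def ip_change_alerts(events, max_ips=1):
    """MACs seen sourcing traffic from more than max_ips IP addresses.
    A real deployment would allow for legitimate DHCP address changes."""
    seen = defaultdict(set)
    for _t, mac, ip, _flags in events:
        seen[mac].add(ip)
    return {m: sorted(ips) for m, ips in seen.items() if len(ips) > max_ips}

if __name__ == "__main__":
    print("SYN rate:", syn_rate_alerts(EVENTS, max_syns=3, window_s=1.0))
    print("IP changes:", ip_change_alerts(EVENTS))
```
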


The Aruba Wireless Location Tool

• Real time client location demo


Managing The Wireless Network

• Real time screens of the Aruba-Master


Questions And Maybe Some Answers

• Thanks!