du wireless networking update
1
DU Wireless Networking Update
Chad D. Burnham & Byron D. Early
University Technology Services
July 9, 2002 @ Univ. of Utah
2
Why Wireless @ DU? Laptops!
Laptop Requirement @ DU: Undergraduate Laptop program in place since Fall ’99
Students learn to utilize technology WHILE learning educational content
‘02-’03: All undergrad & MBA students required to have laptops with wired 10/100 Ethernet card. Laptops showing up with 802.11b cards built in.
Students are asking about where & how on campus.
3
Why Wireless? (Cont.)
~5000+ student laptops on & off DU network
~300 faculty use laptops via departments, grants (some self funding)
Student Survey Results: More “wireless hotspots”
4
Laptop Technology in DU’s Curriculum
Wireless network access is an overlay network service designed to provide physical flexibility in:
  Open Areas – “Hot Spots” (inside & outside)
  Wired Classrooms
Center for Teaching and Learning (CTL)
  Academic grants used as incentives for divisions to ‘convert’ to digital media.
DU’s Blackboard On-line Class Implementation
  Homework, Syllabus, Class Notes, PowerPoint Slides, quizzes.
5
Wireless Technology Concerns @ DU
Bandwidth limitations:
  Performance: Not adequate for certain applications
Privacy & Security
  Encryption & Authentication
  Network Snooping – Separate VLANs for Wireless networks (not ‘on-top’ of existing)
Technical Support / People:
  Card Installs: it’s all about the “DRIVERS”
  VPN Software: Installation/configuration
  User password issues
    AD / LDAP / Kerberos?
6
Wireless Technology Concerns @ DU - Continued
Evolving/changing wireless technologies & PC operating systems:
  Incompatibilities with installed base
  Upgrade costs
“Rogue” Access Points – Dept. Installed
  Security Issues – Network Access
  Performance Issues (Duplex)
  CDW ad: “I can do wireless”, “what is wireless”?
  Top Level policy in draft stage - How to police?
7
Wireless Network Benefits for DU
Convenience
Places you cannot wire
  Historical buildings
  Access problems
  Cannot get fiber uplink to
Flexibility
  physical group learning models
  New type of “smart-classroom”
8
The Ricks Center (DU’s private K-8 school)
First wireless system was proprietary infrared technology:
  Summer 2000
  Not well liked or successful (connect problems, lost sessions, etc.)
Replaced with 802.11b Network:
  72 Laptops Provided to students by Ricks Center
  4 x 802.11b Access Points
  Security: MAC Address Registration & WEP
    High administrative overhead
    Works well in this closed environment
  Content Management in place
9
The Ricks Center (Cont.)
Reasons for Implementing Wireless for K-8
  Classes frequently broken into small “work groups”
  Group & individual research flexibility
  Web Publishing application
  E-mail
  Lower bandwidth type applications
10
Ricks Center: Continued
Purchased mobile Dell Cart to secure units
11
Penrose Library
(10) 802.11b Access Points Installed
Redefining the library….
Provides for wireless access for students, staff and faculty in library
“Wireless Festival”
  VPN tested with 25 laptop users
Ready for “prime time” by fall 2002
12
Expanding Wireless @ DU
Current Installed Base:
  70 total Access Points in (18) VLANs
  Security: In process of implementing VPN
Summer Projects 2002:
  Adding (30) Access Points = 90 Total
  VPN-Only Access for all wireless
  21 total VLANs
13
So now you want to build a wireless network?
14
“The RF Site Survey”
Outside Firm vs. In-House
  Outside Costs: ~$100 per/hr per/person
  DU tried 2 different firms – limited use now
Dictates # of APs and placement of APs (RF Design)
Gives initial grasp of hardware & installation costs
15
Site Survey Recommendations:
Use 3 people to do the surveys:
  1 person @ proposed base area with AP & various antenna types
    Changing Antennas type/position/location
    Documenting results
  2 people on wireless laptops (w/802.11x radio) & handheld walkie-talkies
    Documenting SNR (in software) – to be overlaid on to maps/floor plans.
Cannot do “valid” site-surveys from blue-prints
  New buildings: radio waves propagate much differently with furniture and people present
16
Site Survey Recommendations: (Cont.)
Assemble “Site Survey Tool Kit”
  Detailed layout/blueprints of building
  Portable battery pack for AP
  AP & Radio Cards: use same brand as equipment to be deployed
  Variety of Antenna types
  Misc: digital camera, tie wraps & tape, flashlight, etc.
17
Antenna Placement Recommendations:
Do not place antennas near:
  Metal objects (filing cabinets, railings, I-Beams, lath, pipes, etc.)
  Walls (when possible; unknown construction)
  Wave degradation issues
Separation important with multiple antennas
  1 meter when on same tripod mast
Antenna should be placed in accessible area
Rooftops: Denver building code requires coax in rigid conduit supported off the roof (stands)
18
Antennas (Cont.)
Think 3-Dimensionally
“Outside In” Approach (contain signals in desired area)
Patterns vary by antenna type
  Horizontal & Vertical “beam patterns”
Keep coax / LMR waveguide to minimum length
  Move the data cable & AP before making coax longer
19
Wave Guide / LMR COAX
Cabling from Antenna to Access Point
LMR 200/400/600/800, etc. = Size & Loss Properties
LMR have very low signal loss properties
Every dB matters: Keep distances as short as possible
Newer Balun (75 <-> 50 Ohm) & Amplifier combo units available to deliver over cheaper RG-6 Coax
Times Microwave: Industry leader in cable, prep tools, and connectors.
20
Coax (Cont.)
“Leaky Feeder Coax”
  Used as “base-station” antenna
  “Leakage Slots” in outer foil conductor
  Applications: vehicular tunnels, mines, inside buildings
  Sized as LMR 600
  Expensive
  Performance: DU has not tried yet
21
Antenna Variables to look for:
Antenna Data Sheet: read, understand, be skeptical (assume ½ coverage to be safe)
Beam Coverage: Horizontal & Vertical (in degrees)
Antenna gain: rating in dBi. (extends tx/rx “range”)
Size/Shape
Aesthetics
Remember: must have line of sight!
Cost
2.4 GHz rated (802.11b)
22
RF: It’s all in the Antenna….
A. Parabolic Grid Antennas
B. Radome-Enclosed Yagi Antennas
C. Omni Directional Antennas
D. Patch Antennas (Bow-Tie)
E. Planar Array Panel Antennas
F. Heavy-Duty Panel Antennas
G. Mobile Antennas
H. Indoor Ceiling-Mount Antennas
I. "Rubber Duck" Antennas
23
A. Parabolic Grid Antennas
Reflector grid antenna designed for long-range operation (line of sight & <7 mile) and can be configured for either vertical or horizontal polarization. UCONN Story.
Heavy-duty yet lightweight construction and a UV-inhibited powdercoat finish.
Know your “Beam Pattern” or “Coverage” Horizontal/Vertical discussion
24
B. Radome-Enclosed Yagi Antennas
Radome-enclosed yagi antennas combine high gain and wide beamwidth in a compact package.
Solid aluminum boom and elements enclosed within a white UV-inhibited radome for all-weather operation
“Pringles-Can” / War Driver article…
25
C. Omni-Directional 10 dB / 14 dB Antennas
26
D. Patch/Panel Antennas:
Patch antennas are suitable for indoor and outdoor use. They are designed to be compact and aesthetic.
Narrow and wide beam avail.
Point to Point vs. AP
“Bow-tie” beam pattern
Low Price & excellent performance!
27
E. & F. Planar Array Panel Antennas:
Some models offer an attractive solution (aesthetics) for fixed subscriber and base station applications
High performance alternative to Yagi-style antennas
Indoor/Outdoor
28
G. Mobile Antennas
Feature a variety of gain, radiation pattern and physical mounting options.
Moving Vehicle Applications
29
H. Indoor Ceiling-Mount Antennas
Ceiling-mount antennas are high performance, aesthetic and nearly invisible against a suspended ceiling (Holocom Panel)
~3 dB gain
30
I. "Rubber Duck" Antennas
Perfect for portable applications and as replacement antennas for many popular access points
31
Active Ethernet (PoE)
Active Ethernet eliminates 110v AC outlet installation @ AP.
  “Fault protected” recommended
“Injects” DC power onto the Ethernet (CAT5/5e/6) cable on Pins 7&8 (unused by Ethernet).
19” Rack Mount - 12 / 6 / 1 Port Available.
Cisco WS-3524-PWR - WILL NOT support this feature without “Injector” hardware.
802.3af ratified (today: 3Com, Milan).
33
DU: 802.11b (Current Networks)
802.11b: Today’s most prevalent wireless Ethernet IEEE Standard
2.4 GHz Carrier Frequency
Uses “Direct Sequence” Radio Scheme
Signals @ 4 speeds: 11, 5.5, 2 & 1 Mbps
14 discrete Channels/frequencies
  Only 3 channels do not overlap (1, 6 & 11)
Applications:
  LAN, Point-to-Point, Point-to-Multi-Point
34
DU: Future Wireless Networks
802.11g (2.4 GHz, 22 Mbps)
  Orinoco AP-2000 supports b & g in same box
  Antenna Placement Remains the same
802.11a (5 GHz): Higher frequencies require more antennas for same coverage
35
802.11b: Security & Access (OSI Layers 1 & 2)
ESS (Network) ID: Text Constant Variable
  DU: Using Single Standardized Name
    Users can’t be expected to know multiple wireless names for different locations
Open vs. Closed Network Setting (BSS):
  “Open Setting”: Used by Windows XP to configure network automatically (pros and cons)
  “Closed Setting” does not broadcast ESSID (weak security, user must know ESSID)
36
802.11b: Security & Access, OSI Layers 1 & 2 (Cont.)
MAC Address Registration (on APs)
  Cumbersome & high management overhead
  Must re-enter if card is swapped out
  DU tried on 3 networks... it’s over
DU Not Using: L2 WEP/WEP2 Key encryption
  WEP2 (802.11i) not yet ratified
  DU using VPN layer 3 solution
    Encryption & AAA
37
802.11b: Security & Access (Cont.)
“Open” Access Points: Mapped & Published on the Web
“Warchalking”: Do the outside walls of your wireless buildings have unusual graffiti?
38
DU Encryption & Access Using VPNs:
VPNs: DU using Cisco 3030s to terminate VPNs
  Configured for IPSEC-3DES – 168-bit
Authentication & Authorization: VPN Client software leverages a back-end USER database for AAA functionality
  RADIUS: Radiator on Solaris 8
DU “Branded” Cisco-VPN Client Software for:
  Windows (98/ME/NT4/2K/XP)
  Not Yet DU-Branded: Pocket PC, Palm OS, MAC OS 10, Solaris, Linux
39
“Locking Down” Wireless LANs:
Router Access Control List Objectives (so far):
  # Allow IPsec to VPN Concentrators
  # Allows MSFCs to see each other for HSRP
  # Allow bootp on broadcast
  # Allow bootp from DHCP clients
  # Allow DNS to iVPN DNS server
  # Allow download of client
  # Allow MGMT station to ping router and AP's
  # Allow these systems to be pinged
  # Allow management station to snmp from APs
  # Deny all else
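
The ACL objectives listed above, modelled as a first-match rule list and checked against sample packets; this is an added example, not DU's router configuration. All addresses are constructed placeholders, and the port choices (IKE on udp/500, ESP, HSRP on udp/1985, client download over tcp/80) are assumptions, since the slide names only the objectives. The "allow these systems to be pinged" objective is left out because the slide does not say which systems.

```python
import ipaddress

# Constructed placeholder addresses (RFC 5737 documentation ranges), not DU's.
VPN = "192.0.2.10"         # VPN concentrator
DNS = "192.0.2.53"         # DNS server reachable before the tunnel is up
WEB = "192.0.2.80"         # VPN client download host (HTTP on tcp/80 assumed)
MGMT = "198.51.100.5"      # management station
WLAN = "203.0.113.0/24"    # wireless clients and APs
ANY = "0.0.0.0/0"

# (action, protocol, source, destination, destination port); None = any port.
# Rules are checked top to bottom and the first match decides, as in a router ACL.
ACL = [
    ("permit", "udp", WLAN, VPN, 500),                # IPsec: IKE negotiation
    ("permit", "esp", WLAN, VPN, None),               # IPsec: ESP payload
    ("permit", "udp", ANY, "224.0.0.2", 1985),        # HSRP hellos between routers
    ("permit", "udp", ANY, "255.255.255.255", 67),    # bootp on broadcast
    ("permit", "udp", WLAN, ANY, 67),                 # bootp from DHCP clients
    ("permit", "udp", WLAN, DNS, 53),                 # DNS lookups
    ("permit", "tcp", WLAN, WEB, 80),                 # download of VPN client
    ("permit", "icmp", MGMT, WLAN, None),             # management ping of APs
    ("permit", "udp", MGMT, WLAN, 161),               # management SNMP to APs
    ("deny", "any", ANY, ANY, None),                  # deny all else
]


def _within(addr, net):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(net)


def evaluate(proto, src, dst, dport=None):
    """Return 'permit' or 'deny' for one packet using first-match semantics."""
    for action, r_proto, r_src, r_dst, r_port in ACL:
        if r_proto not in ("any", proto):
            continue
        if not (_within(src, r_src) and _within(dst, r_dst)):
            continue
        if r_port is not None and r_port != dport:
            continue
        return action
    return "deny"  # implicit deny if the list had no catch-all


if __name__ == "__main__":
    client = "203.0.113.20"
    print(evaluate("udp", client, VPN, 500))               # permit
    print(evaluate("tcp", client, "198.51.100.99", 80))    # deny
```

Until the tunnel is up, a wireless client can reach only the concentrator, DHCP, DNS and the client download host; everything else falls through to the final deny.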
40
Roof Top Antenna Practices
Plywood Backboard
[Diagram: University of Denver Wireless LANs, Outdoor Antenna Grounding Diagram (Rev 1.2, edit date 5/28/02, creator cburnham). Labelled parts: copper bus-bar, wireless AP, pigtail, surge arrestor, power strip, LMR-400 coax (in flex-tubing), 1" copper water pipe, clamp, tripod/mast, LMR grounding kit GK-S400, antenna (typ.), 6 AWG bare copper, surface J-box (use caulking).]
41
Roof Top Antenna Practices cont:
42
In-Ceiling Antenna Practices
43
Physical Network Topology
DU Data Backbone
Wireless is several Internal VLANs / Subnets
[Diagram labels: VLAN6XX, VLAN7XX, VLAN8XX, VLAN9XX]
44
VLAN 110
45
Typical Proposed Wireless
46
Standards Watch:
DU: Standards-based solution
47
802.1X - EAP
Layer 2 Authentication
Drafts 7, 8 & 10 on table – None Approved Today.
WEP works WITH 802.1X
WEP2 not expected to be ratified until 2003
Solution for Wired Network: Cisco CAT OS 6.x+IOS 12.1+
Table columns: Types; Client OS; AP; Radius Server Support
EAP TLS (transport level security): WIN2K & XP; AP-2000/AP3 (ONLY MODE SUPPORTED); Cisco Secure 3.0 NT & MS Active Directory; Certificate Server / Smartcard (no challenge-response); Cisco 340/350
EAP TTLS: N/A; ?; Funk Software only; ONLY the Server has to have cert.; AP to Radius Server - Client does not care (USES TLS)
EAP Radius: ?; ?
EAP MD5: XP; Cisco Only; Cisco Supports
LEAP (Cisco Version draft 10): N/A; Cisco Only; Lightweight EAP; Only Cisco AP Supported; Any Cisco Wireless Card (download)
48
IEEE - 802.11g
Doubles bandwidth with same RF characteristics
Extends 802.11b (2.4 GHz) to 22 M bit/sec.
Intended to be backwards compatible w/ 802.11b
Approved. Products expected Q3 2002
49
IEEE - 802.11a
Uses 5 GHz Carrier Frequency
6M–54M Bit /sec rates (54-100!)
Different Radio A.P. Design Criteria (4x rule):
  802.11b = ~250-300 Feet
  802.11a = ~90 Feet
  Harder to get through walls, furniture, etc.
PC Cards will use more power – (Laptops)
Products available today
Total Cost of Ownership increases!
50
IEEE - 802.11e: AKA Whitecap2 – Cirrus Logic
Earliest incarnation of IEEE 802.11e
New standard proposal will add:
  QoS Features (multi-media, voice, etc.)
  Applies to 802.11a, 802.11b, 802.11g
  Major improvements in overall “channel robustness”
  Deals with adjacent subnets operating on the same channel
Ratification expected Q3 2002
51
IEEE – 802.11i:
New standard proposal will add:
  Enhanced WEP (a.k.a. WEP2)
  Applies to 802.11a, 802.11b, 802.11g
  New encryption & authentication methods
  Temporal Key Integrity Protocol (TKIP)
  AES (an iterated block cipher) and TKIP backwards compatibility.
Ratification expected Q3 2002
52
IEEE – 802.11f:
New standard proposal will add:
  a "recommended practice" document
  “Roaming” Interoperability between vendors:
    Defines registration of access points within a network and interchange of information between access points when a user is handed over from one access point to another.
Ratification expected Q3 2002
53
IEEE – 802.11h:
New standard proposal will add:
  Supplementary standard to MAC layer in order to comply with European regulations for 5GHz WLANs.
Ratification expected Q3 2002
54
Product Links:
Agere (Orinoco) = AP2000/1000/500
  http://www.agere.com
  Proxim bought Agere 6/2002
Cisco = AP1200
  http://www.cisco.com
Antenna Reseller:
  http://www.hyperlinktech.com/web/antennas_2400.html
55
Other Good Articles & Links
http://standards.ieee.org/
http://www.wi-fi.com/
http://www.wireless-integration.com
http://www.80211-planet.com
This Presentation:
  Will make available on Westnet site
56
Questions ??? and Answers ???