Wireless Networking Update University of Denver
Download
Report
Transcript Wireless Networking Update University of Denver
DU Wireless
Networking Update
Chad D. Burnham & Byron D. Early
University Technology Services
July 9, 2002 @ Univ. of Utah
1
Why Wireless @ DU? Laptops!
Laptop Requirement @ DU:
Students learn to utilize technology WHILE
learning educational content
‘02-’03: All undergrad & MBA students required
to have laptops with wired 10/100 Ethernet card.
2
Undergraduate Laptop program in place since Fall ’99
Laptops showing up with 802.11b cards built in.
Students are asking about where & how on campus.
Why Wireless? (Cont.)
~5000+ student laptops on & off DU
network
~300 faculty use laptops via departments,
grants (some self funding)
Student Survey Results:
3
More “wireless hotspots”
Laptop Technology in DU’s
Curriculum
Wireless network access is an overlay network
service designed to provide physical flexibility in:
Center for Teaching and Learning (CTL)
Academic grants used as incentives for divisions to
‘convert’ to digital media.
DU’s Blackboard On-line Class Implementation
4
Open Areas – “Hot Spots” (inside & outside)
Wired Classrooms
Homework, Syllabus, Class Notes, PowerPoint
Slides, quizzes.
Wireless Technology Concerns @
DU
Bandwidth limitations:
Privacy & Security
Performance: Not adequate for certain applications
Encryption & Authentication
Network Snooping – Separate VLANs for Wireless
networks (not ‘on-top’ of existing)
Technical Support / People:
Card Installs: its all about the “DRIVERS”
VPN Software: Installation/configuration
User password issues
5
AD / LDAP / Kerberos?
Wireless Technology Concerns @
DU - Continued
Evolving/changing wireless technologies & PC
operating systems:
“Rogue” Access Points – Dept. Installed
6
Incompatibilities with installed base
Upgrade costs
Security Issues – Network Access
Performance Issues (Duplex)
CDW ad: “I can do wireless”, “what is wireless”?
Top Level policy in draft stage - How to police?
Wireless Network Benefits for DU
Convenience
Places you cannot wire
Flexibility physical group learning models
7
Historical buildings
Access problems
Cannot get fiber uplink to
New type of “smart-classroom”
The Ricks Center
(DU’s private K-8 school)
First wireless system was proprietary infrared technology:
Summer 2000
Not well liked or successful (connect problems, lost sessions, etc.)
Replaced with 802.11b Network:
72 Laptops Provided to students by Ricks Center
4 x 802.11b Access Points
Security: MAC Address Registration & WEP
8
High administrative overhead
Works well in this closed environment
Content Management in place
The Ricks Center (Cont.)
Reasons for Implementing Wireless for K-8
Classes frequently broken into small “work
groups”
9
Group & individual research flexibility
Web Publishing application
E-mail
Lower bandwidth type applications
Rick Center: Continued
10
Purchased mobile Dell Cart to secure units
Penrose Library
(10) 802.11b Access Points Installed
Redefining the library….
Provides for wireless access for students, staff and
faculty in library
“Wireless Festival”
11
VPN tested with 25 laptop users
Ready for “prime time” by fall 2002
Expanding Wireless @ DU
Current Installed Base:
Summer Projects 2002:
12
70 total Access Points in (18) VLANs
Security: In process of implementing VPN
Adding (30) Access Points = 90 Total
VPN-Only Access for all wireless
21 total VLANs
So now you want to build a
wireless network?
13
“The RF Site Survey”
Outside Firm vs. In-House
Dictates # of APs and placement of APs
(RF Design)
14
Outside Costs: ~$100 per/hr per/person
DU tried 2 different firms – limited use now
Gives initial grasp of hardware & installation
costs
Site Survey
Recommendations:
Use 3 people to do the surveys:
1 person @ proposed base area with AP & various
antenna types
2 people on wireless laptops (w/802.11x radio) &
handheld walkie-talkies
Documenting SNR (in software) – to be overlaid on to
maps/floor plans.
Cannot do “valid” site-surveys from blue-prints
15
Changing Antennas type/position/location
Documenting results
New buildings: radio waves propagate much
differently with furniture and people present
Site Survey Recommendations:
(Cont.)
Assemble “Site Survey Tool Kit”
16
Detailed layout/blueprints of building
Portable battery pack for AP
AP & Radio Cards: use same brand as
equipment to be deployed
Variety of Antenna types
Misc: digital camera, tie wraps & tape,
flashlight, etc.
Antenna Placement
Recommendations:
Do not place antennas near:
Separation important with multiple antennas
17
Metal objects (filing cabinets, railings, I-Beams, lath,
pipes, etc.)
Walls (when possible; unknown construction)
Wave degradation issues
1 meter when on same tripod mast
Antenna should be placed in accessible area
Rooftops: Denver building code requires coax in
rigid conduit supported off the roof (stands)
Antennas (Cont.)
Think 3-Dimensionally
Keep coax / LMR waveguide to minimum
length
18
“Outside In” Approach (contain signals in
desired area)
Patterns vary by antenna type
Horizontal & Vertical “beam patterns”
Move the data cable & AP before making
coax longer
Wave Guide / LMR COAX
Cabling from Antenna to Access Point
LMR 200/400/600/800, etc. = Size & Loss
Properties
19
LMR have very low signal loss properties
Every Db matters: Keep distances as short as possible
Newer Balun (75 <-> 50 Ohm) & Amplifier combo units
available to deliver over cheaper RG-6 Coax
Times Microwave: Industry leader in cable, prep
tools, and connectors.
Coax (Cont.)
“Leaky Feeder Coax”
Used as “base-station” antenna
“Leakage Slots” in outer foil conductor
Applications: vehicular tunnels, mines, inside
buildings
Sized as LMR 600
Expensive
Performance: DU has not tried yet
20
Antenna Variables to look for:
Antenna Data Sheet: read, understand, be
skeptical (assume ½ coverage to be safe)
Beam Coverage:
Antenna gain: rating in Dbi. (extends tx/rx “range”)
Size/Shape
Aesthetics
21
Horizontal & Vertical (in degrees)
Remember: must have line of sight!
Cost
2.4 GHz rated (802.11b)
RF: Its all in the Antenna….
A.
B.
C.
D.
E.
F.
G.
H.
I.
22
Parabolic Grid Antennas
Radome-Enclosed Yagi Antennas
Omni Directional Antennas
Patch Antennas (Bow-Tie)
Planar Array Panel Antennas
Heavy-Duty Panel Antennas
Mobile Antennas
Indoor Ceiling-Mount Antennas
"Rubber Duck" Antennas
A. Parabolic Grid Antennas
Reflector grid antenna designed for longrange operation (line of sight & <7 mile)
and can be configured for either vertical or
horizontal polarization. UCONN Story.
Heavy-duty yet lightweight construction
and a UV-inhibited powdercoat finish.
Know your “Beam Pattern” or “Coverage”
23
Horizontal/Vertical discussion
B. Radome-Enclosed
Yagi Antennas
24
Radome-enclosed yagi antennas combine high
gain and wide beamwidth in a compact package.
Solid aluminum boom and elements enclosed
within a white UV-inhibited radome for all-weather
operation
“Pringles-Can” / War Driver article…
C. Omni-Directional
10db / 14 db Antennas
25
D. Patch/Panel Antennas:
Patch antennas are suitable for indoor and
outdoor use. They are designed to be
compact and aesthetic.
Narrow and wide beam avail.
26
Point to Point vs. AP
“Bow-tie” beam pattern
Low Price & excellent performance!
E. & F. Planar Array Panel
Antennas:
27
Some models offer an
attractive solution
(aesthetics) for fixed
subscriber and base
station applications,
High performance
alternative to Yagistyle antennas
Indoor/Outdoor
G. Mobile Antennas
28
Feature a variety of
gain, radiation pattern
and physical
mounting options.
Moving Vehicle
Applications
H. Indoor Ceiling-Mount Antennas
29
Ceiling-mount
antennas are high
performance,
aesthetic and nearly
invisible against a
suspended ceiling
(Holocom Panel)
~3db gain
I. "Rubber Duck" Antennas
30
Perfect for portable
applications and as
replacement
antennas for many
popular access points
Active Ethernet (PoE)
Active Ethernet eliminates 110v AC outlet
installation @ AP.
31
“Fault protected” recommended
“Injects” DC power onto the Ethernet
(CAT5/5e/6) cable on Pins 7&8 (unused by
Ethernet .
19” Rack Mount - 12 / 6 / 1 Port Available.
Cisco WS-3524-PWR - WILL NOT support
this feature without “Injector” hardware.
802.3af ratified (today: 3Com, Milan).
D.U.’s Implementation:
Agere/Orinoco & Cisco VPN
32
DU: 802.11b (Current Networks)
802.11b: Today’s most prevalent
wireless Ethernet IEEE Standard
2.4 GHz Carrier Frequency
Uses “Direct Sequence” Radio Scheme
Signals @ 4 speeds:11, 5.5, 2 & 1 Mbps
14 discrete Channels/frequencies
Applications:
33
Only 3 channels do not overlap (1, 6 & 11)
LAN, Point-to-Point, Point-to-Multi-Point
DU: Future Wireless Networks
802.11g (2.4 GHz, 22 Mbps)
Orinoco AP-2000 supports b & g in same box
Antenna Placement Remains the same
34
802.11a (5 GHz): Higher frequencies require more
antennas for same coverage
802.11b: Security & Access
(OSI Layers 1 & 2)
ESS (Network) ID: Text Constant Variable
DU: Using Single Standardized Name
Users can’t be expected to know multiple wireless
names for different locations
Open vs. Closed Network Setting (BSS):
“Open Setting”: Used by Windows XP to configure
network automatically (pros and cons)
“Closed Setting” does not broadcast ESSID (weak
security, user must know ESSID)
35
802.11b: Security & Access
OSI Layers 1 & 2 (Cont.)
MAC Address Registration (on APs)
Cumbersome & high management overhead
Must re-enter if card is swapped out
DU tried on 3 networks…...it’s over
DU Not Using: L2 WEP/WEP2 Key encryption
WEP2 (802.11i) not yet ratified
DU using VPN layer 3 solution
36
Encryption & AAA
802.11b: Security & Access (Cont.)
“Open” Access Points:
37
Mapped & Published on
the Web
“Warchalking”: Do the
outside walls of your
wireless buildings have
unusual graffiti?
DU Encryption & Access Using
VPNs:
VPNs: DU using Cisco 3030s to terminate VPNs
Configured for IPSEC-3DES – 168Bit
Authentication & Authorization: VPN Client software
leverages a back-end USER database for AAA
functionality
RADIUS: Radiator on Solaris 8
DU “Branded” Cisco-VPN Client Software for:
Windows (98/ME/NT4/2K/XP)
Not Yet DU-Branded:
38
Pocket PC, Palm OS, MAC OS 10,Solaris, Linux
“Locking Down” Wireless LANs:
Router Access Control List Objectives (so far):
39
# Allow IPsec to VPN Concentrators
#Allows MSFCs to see each other for HSRP
# Allow bootp on broadcast
# Allow bootp from DHCP clients
# Allow DNS to iVPN DNS server
# Allow download of client
# Allow MGMT station to ping router and AP's
# Allow these systems to be pinged
#Allow management station to snmp from APs
# Deny all else
University of Denver
Wireless LANs
Outdoor Antenna Grounding Diagram
Antenna
(typ.)
Tri-pod/Mast
Legend
LMR
Grounding Kit
GK-S400
6 AWG Bare
Copper
LMR 400
COAX
Roof Top
Antenna
Practices
Antenna_Ground
1"
Copper
Water
Pipe
Clamp
Edit Date: 5/28/02
Rev: 1.2
Filename:Wireless Install.vsd
Creator: cburnham
Company: DU = UTS/NS
Plywood Backboard
Power Strip
Pigtail
Wireless
AP
Surge
Arrestor
Copper Bus-Bar
Copper Bus-Bar
LMR-400
(In Flex-Tubing)
40
Surface J-Box
(use Caulking)
Roof Top
Antenna
Practices cont:
41
In-Ceiling
Antenna
Practices
42
Physical Network Topology
DU Data Backbone
Wireless is several Internal VLANs / Subnets
VLAN
7XX
VLAN
6XX
VLAN
8XX
VLAN
9XX
43
VLAN 110
44
Typical Proposed Wireless
45
Standards Watch:
46
DU: Standards-based solution
802.1X - EAP
Layer 2 Authentication
Drafts 7,8 & 10 on table – None Approved Today.
WEP works WITH 802.1X
WEP2 not expected to be ratified until 2003
Solution for Wired Network:
Cisco CAT OS 6.x+IOS 12.1+
Types
EAP TLS (transport level
security)
Client
OS
WIN2K &
XP
Certificate Server / Smartcard
(no challenge-response)
EAP TTLS
ONLY the Server has to have
cert.
AP to Radius Server - Clinet
does not care (USES TLS)
EAP Radius
EAP MD5
Cisco Supports
47
LEAP (cisco Version draft
10)
Lightweight EAP
Only Cisco AP Supported
Any Cisco Wireless Card
(download)
AP
Radius Server Support
AP2000/AP3
(ONLY
MODE
SUPPORTE Cisco Secure 3.0 NT & MS
D)
Active Directory
Cisco
340/350
N/A
?
?
?
XP
Cisco Only
N/A
Cisco Only
Funk Software only
IEEE - 802.11g
48
Doubles bandwidth with same RF
characteristics
Extends 802.11b (2.4 GHz) to 22 M
bit/sec.
Intended to be backwards compatible w/
802.11b
Approved.
Products expected Q3 2002
IEEE - 802.11a
Uses 5 GHz Carrier Frequency
6M–54M Bit /sec rates (54-100!)
Different Radio A.P. Design Criteria (4x rule):
49
802.11b = ~250-300 Feet
802.11a = ~90 Feet
Harder to get through walls, furniture, etc..
PC Cards will use more power – (Laptops)
Products available today
Total Cost of Ownership increases!
IEEE - 802.11e:
AKA
Whitecap2 – Cirrus Logic
Earliest
New
incarnation of IEEE 802.11e
standard proposal will add:
QoS
Features (multi-media, voice, etc.)
Applies to 802.11a, 802.11b, 802.11g
Major improvements in overall “channel
robustness”
Deals with adjacent subnets operating
on the same channel
50
Ratification expected Q3 2002
IEEE – 802.11i:
New
standard proposal will add:
Enhanced
WEP (a.k.a. WEP2)
Applies to 802.11a, 802.11b, 802.11g
New encryption & authentication methods
Temporal Key Integrity Protocol (TKIP)
AES (an iterated block cipher) and TKIP
backwards compatibility.
51
Ratification expected Q3 2002
IEEE – 802.11f:
New
standard proposal will add:
a
"recommended practice" document
“Roaming” Interoperability between
vendors:
Defines
registration of access points within
a network and interchange of information
between access points when a user is
handed over from one access point to
another.
52
Ratification expected Q3 2002
IEEE – 802.11h:
New
standard proposal will add:
Supplementary
standard to MAC layer in
order to comply with European regulations
for 5GHz WLANs.
53
Ratification expected Q3 2002
Product Links:
Agere (Orinoco) = AP2000/1000/500
Cisco = AP1200
http://www.cisco.com
Antenna Reseller:
54
http://www.agere.com
Proxim bought Agere 6/2002
http://www.hyperlinktech.com/web/antennas_
2400.html
Other Good Articles & Links
http://standards.ieee.org/
http://www.wi-fi.com/
http://www.wireless-integration.com
http://www.80211-planet.com
This Presentation:
55
Will make available on Westnet site
Questions ??? and Answers ???
56