CAEN Wireless Network
College of Engineering, University of Michigan
October 16, 2003
Dan Maletta
CAEN Wireless Design Goals
• Make system interoperable
– Support for multiple platforms: Linux (Intel), Windows, MacOS. PDAs?
– If you have any wireless network card, it will work!!
• Provide seamless wireless coverage
• Provide an authentication mechanism for entire University Community that doesn’t require registration of NIC
• Provide a secure mechanism for transporting data within wireless network
CAEN Wireless Design Goals (cont.)
• Provide easy-to-use procedure for University community
• Make system scalable
• Provide separate solutions for conference rooms that allow for easy and fast network access
• Treat wireless and security separately.
CAEN Wireless Network System
• Supports the above goals
• Coverage now in 11 Buildings (~100 APs)
• Authentication and data security provided by a Virtual Private Network (VPN)
• System currently supports up to 50Mb/s of sustained throughput and 1500 simultaneous users.
• Users can access wireless for 1st time 24 hours a day.
• Conference room setup being tested in LEC
• Supports TCP/IP only. No IPX or AppleTalk
Overview of Authentication and Security Setup
• VPN server provides authentication and data security services
– Server acts as a gateway to “wired” network
– Users install an IPSec client (software) to access VPN server
– Users then authenticate to VPN server with Kerberos ID
– Data from client machine to server is encrypted (3DES)
• IPSec VPN different than Windows and MacOS built-in PPTP VPN client.
– Exploring options for how to allow those clients
Wireless system (Diagram)
[Diagram labels: Wireless Network 10.213.120.x, Wireless Access Point, Web Server, VPN Server, Auth. Servers, Border Router, UofM Network, Internet]
User Associates with Network
[Diagram labels: Wireless Network 10.213.120.x, SSID: CAEN Wireless, Wireless Access Point, Web Server, VPN Server, Auth. Servers, Border Router, UofM Network, Internet. Client message: “You are now associated with network CAEN Wireless”]
User Gets an IP Address from Server
[Diagram labels: Wireless Network 10.213.120.x, Wireless Access Point, Web/IP Server, VPN Server, Auth. Servers, Border Router, UofM Network, Internet. Client: IP address 10.213.120.52]
User Tries to open a Web Page
• User is re-directed to Wireless Network Web server
– CAEN web page tells user how to gain access to wired network.
– CAEN web page contains software and instructions for connecting and installing VPN client.
– After trying to use wireless, user installs software and reboots computer.
– Wireless network is now available to user with VPN software.
User Starts VPN Connection and Authenticates with server
[Diagram labels: Wireless Network 10.213.120.x, Wireless Access Point, Web/IP Server, VPN Server, Auth. Servers, Border Router, UofM Network, Internet. Client: IP address 10.213.120.52; uniqname & Password; Tunnel IP address]
Tunnel is now Established and User can now communicate on Internet
[Diagram labels: Wireless Network 10.213.120.x, Wireless Access Point, Web/IP Server, VPN Server, Auth. Servers, Border Router, UofM Network, Internet. Client: IP address: 10.213.120.52; Tunnel Addr: 141.213.120.87; Secure Encrypted Tunnel]
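The access sequence in the slides above (associate, get a 10.213.120.x address, get redirected to the web server, authenticate to the VPN server, receive a tunnel address) can be read as a forwarding policy at the gateway. The sketch below is an added example, not CAEN's configuration: the /24 prefix lengths, both server addresses, the port list and the function name `decide` are assumptions for illustration.

```python
import ipaddress

# Assumed values: only 10.213.120.x and the tunnel address 141.213.120.87
# appear in the slides. Prefix lengths and server IPs are hypothetical.
WIRELESS_NET = ipaddress.ip_network("10.213.120.0/24")
TUNNEL_POOL = ipaddress.ip_network("141.213.120.0/24")
WEB_SERVER = ipaddress.ip_address("10.213.120.2")   # hypothetical web/IP server
VPN_SERVER = ipaddress.ip_address("10.213.120.1")   # hypothetical VPN gateway

# What an IPSec client needs to reach the VPN server: IKE, NAT traversal, ESP.
IPSEC = {("udp", 500), ("udp", 4500), ("esp", 0)}


def decide(src, dst, proto, dport, tunnels, decrypted=False):
    """Return allow / redirect / forward / drop for one packet at the gateway.

    tunnels maps an assigned tunnel address to the authenticated user ID.
    decrypted=True marks an inner packet that came out of an IPSec tunnel.
    """
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)

    if decrypted:
        # Forward only inner addresses handed out to an authenticated session.
        ok = src in TUNNEL_POOL and str(src) in tunnels
        return "forward" if ok else "drop"

    if proto == "udp" and dport == 67:
        return "allow"        # DHCP: client has no address yet
    if src not in WIRELESS_NET:
        return "drop"         # includes cleartext packets spoofing a tunnel address
    if dst == VPN_SERVER and (proto, dport) in IPSEC:
        return "allow"        # tunnel setup and encrypted data
    if dst == WEB_SERVER and proto == "tcp" and dport in (80, 443):
        return "allow"        # instructions and VPN client download
    if proto == "tcp" and dport == 80:
        return "redirect"     # any other web request goes to the web server
    return "drop"             # no cleartext path to the wired network
```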
Support
• The CAEN Hotline is answering questions as users have them
• Web site has an FAQ where we list common problems
• Hotline has laptops running all 3 OS flavors and Wireless cards from 7 vendors!!!
• Access Points have identical configurations so low overhead on configuration issues
• We have redundant servers to handle single machine failures
What We’ve Seen So Far
• We’re averaging about 500 sessions per day for the last two months. Our peak over that time has been ~110 simultaneous connections
• No complaints about lack of support for MacOS 8 and 9.
• A real demand for PDA support
Wireless deployment costs
• Access Points $600.00
• Antennas: $100.00-200.00
• Cable to Access Points from Closets (2 cables): $250.00
• Conduit from cable tray to access point location: $400.00-1500.00
Wireless build-out model for CoE
• CAEN/CoE is currently covering a number of computing labs and public spaces
• CAEN/CoE is doing a limited departmental rollout to cover some classrooms, conference rooms.
• Departments are responsible for purchasing equipment to cover areas within their department.
• CAEN/CoE performs installation and supports installed equipment.
What’s worked well
• Windows boxes with Cisco client work well together
• VPN server is able to keep up and generate good stats.
• Easy to add access points to the system
What hasn’t been great
• Handhelds
• OpenBSD
• Wireless gateways
– Security vs. perceived ease of use
• Guest Access solutions
Guest Access
• Still working on a good guest access solution
• Come to Hotline (2320 Media Union)
– Must be accompanied by person representing them. Must provide contact information
– Expiration is set for one business week at start of every week
– Instant access (5 minutes)
• If affiliated with the University, access will be available at Reference desk on a weekly checkout basis
Future Plans
• Continue deployment in buildings ~30-40 APs in next 3 months
• Movian Client support for PDAs (Both Palm and PocketPC)
– How are people licensing
• Conversion from 3DES encryption to AES
• Support for Native windows VPN protocols??
• 802.11g deployment
• WebVPN (SSL-based VPN)
• SSH pass-through to login machines
Discussion Items
• 802.1x
– Is anybody looking to use it?
– Microsoft’s announcement of proprietary replacement
• SSL-based VPNs
• 802.11a vs. 802.11g
• Wireless for home use
– Is anyone making recommendation to people
– VPNs or secure access for broadband connections
Check out our wireless site
• http://www.engin.umich.edu/caen/network/wireless