802.11 Topologies Excel in Higher Education
Wi-Fi's real security risks and rumored performance lags seem to
be small obstacles to its acceptance among institutions of
higher education. With increasing frequency, extending the
campus LAN means going wireless. The topologies are often
similar from campus to campus, applying one and sometimes two of
the IEEE's 802.11x wireless protocols. Most often, 802.11b is
the standard selected, either as a precursor to the coming
802.11g (with which it is backward compatible) or because it is
so broadly available, having been first on the market. But some
campuses have also chosen 802.11a.
Referred to as WLAN, Wi-Fi, and 802.11x, these wireless
topologies find few roadblocks to implementation among colleges
and universities. In this environment, return on investment
(ROI) is calculated in terms of savings, value, services, and
the investment made in students themselves by enhancing the
learning environment.
Wi-Fi installations also present few physical challenges.
Usually, campus IT departments perform the installations quickly
- sometimes in just a few weeks. Once an institution has
invested in vendor selection and gathered vendor input, there is
little further delay before the proposed WLAN is up and running.
Wireless access points (APs) deliver freedom of movement and
untethered access at about 6 Mbps (the advertised 11 Mbps less
about 5 Mbps of overhead traffic, which routes and delivers
the payload). Campus constituents seem to be satisfied
with this speed - at least for now.
The following is a brief overview of seven campuses that agreed
to share their wireless stories.
Practical Considerations at Clarion University
The Clarion University library is currently served by a wireless
LAN of 30 APs optimally placed throughout the building. "The
library was recently renovated," says Michael A. Phillips,
network and communications manager at the university
(mphillips@clarion.edu), "so, as part of that renovation, we
wired it with CAT5e cabling, but we also planned for a wireless
network."
The five-story structure has adequate wireless coverage
throughout as well as some outdoor access. The WLAN is
interconnected through a dedicated VLAN, set up exclusively for
the wireless network. The infrastructure includes Cisco wireless
access points, a Bluesocket wireless firewall, and Marconi
Ethernet equipment.
Clarion chose the 802.11b standard in part based on price and
availability. Clarion is strongly considering 802.11g for
upgrades, as many campuses are. The 802.11g protocol is not only
backward compatible with 802.11b but is also expected to deliver
on the promise of 54 Mbps, almost five times the speed of
802.11b. (802.11a delivers 54 Mbps but is not compatible with
802.11b or g.) The 802.11g standard is expected to be finalized
this year - perhaps as early as this summer - with some
producers like Linksys already rolling out 802.11g products.
What about Clarion's wireless hardware?
"We're not using the standard, 'off-the-shelf' APs from Cisco
with the integrated antennas," says Phillips. Rather, Clarion is
using a model from the Cisco 350 Series that adds the option of
an external antenna. The Clarion library's drop-ceiling tiles
were retrofitted with integrated antennas from Armstrong as part
of the networking. "We wanted uniform coverage cosmetically
consistent with the rest of the building," says Phillips.
Wireless ceiling tiles allow Clarion more control over where the
radio signal travels. In dense areas such as Clarion's library,
this helps keep any one AP from bearing the load for the whole
network. The wireless ceiling tiles keep the service seamlessly
invisible to its users.
Accommodating Students at RIT
Rochester Institute of Technology (RIT) prepared for the
possibility of an upgrade in 802.11 protocols and APs while
deploying 802.11b. By installing two Ethernet jacks at every AP
location during the 802.11b installation, RIT made ready to
carry two standards to ease migration. Should 802.11a or g look
inviting, RIT can test the additional protocol and APs while
maintaining 802.11b coverage.
For RIT, Wi-Fi is an extension of a flat, single network on a
single subnet. "We expect that as wireless usage grows, we are
going to run into the typical problems that are present on a
flat, single network. That will dictate the need to change the
topology," says Patrick Saeva, program manager for the IT
department at RIT (pjsits@rit.edu). For now, this simple flat
topology guarantees seamless roaming for campus constituents.
RIT plans eventually to consider additional wireless services
beyond surfing and basic Internet use. As traditional return on
investment concerns (and financing) are not obstacles, only a
strong demand for expanded services will determine
implementation.
Calculating ROI is a difficult process. RIT's decision to invest
in wireless services was based on whether it would help the
students. A similar philosophy guides the decision-making
process at other educational institutions.
Flexibility at Syracuse University
"We bought APs that will accommodate either 802.11a or g," says
Lee Badman, network engineer at Syracuse University
(lhbadman@syr.edu). With a solid 802.11b base, Syracuse would
lean toward advancing to 802.11g when the need for greater speed
arises. The 802.11g standard provides the same speeds as 802.11a
but within the 2.4 GHz ISM band. (Residing in the 2.4 band is
the commonality between 802.11g and b that makes g backward
compatible with b.)
The wireless topology is a neutral, demilitarized-zone network
that sits outside the university's main network. It exists on
one subnet across the campus. A gateway/firewall provides
protected access. "It's considered untrusted, and the
gateway/firewall separates the users from the rest of the
campus," says Badman.
Syracuse's wireless LAN has presented no problems in the areas
of speed, performance, and reliability. Security risks are
offset by the value of having wireless LAN service and mitigated
by the separation from other campus networks. Badman expects
that there will always be some security risks.
Dual-Mode Solution at UNC
The University of Northern Colorado uses Vernier Networks' IS
6000 (an integrated control server and access manager) to
authenticate students on its 802.11a and b networks. The
wireless network is separated from the campus's wired network.
Following a site survey (performed by NetCom International),
Vernier was selected along with Cisco for the APs and the
wireless virtual private network (VPN).
Asked why UNC uses both 802.11a and b, Jeanette Van Galder,
director of administrative information technology
(jeanetter.vangalderl@unco.edu), said, "While the 802.11b
network interface cards [NICs] are more prevalent in the
consumer market, we wanted a dual-mode solution for individuals
requiring higher speeds and additional capacity."
Segmentation from the primary network is accomplished with
VLANs. UNC uses Cisco's VPN for faculty and staff for data
encryption and for drive mappings to the current active
directory, says Van Galder.
UNC performed the installation in-house based on NetCom's findings for the
optimal placement of APs. It also installed its own wireless
security using not only VPN but also LDAP. Van Galder says that
although they use the network only for WLAN, VoIP could be
considered among added services.
Productivity and efficiency improvements are a big part of UNC's
ROI. Because students are sharing files directly between
laptops, server loads are decreasing. Students are spending more
time on the network and are more productive.
Meeting Many Needs at OIT
"Basic service set [BSS] is the current layout for Oregon
Institute of Technology [OIT] wireless networking. Each AP is
connected to a wired Ethernet jack," says Agnes Box,
telecommunications coordinator, information technology systems,
OIT (boxa@oit.edu). As with other 802.11 topologies, there is
some overlap of coverage by APs in order to ensure sufficient
coverage everywhere.
OIT used products from vendors Cisco and Avaya (formerly
Lucent), already familiar from their use at other Oregon
University campuses. Specifically, these are the Avaya Wireless
Access Point-3 Ps with power-injected Ethernet, silver and gold
wireless cards, and antennas from Avaya, which were once the
WaveLAN products.
Criteria used for evaluating 802.11b solutions included the
number of users connected at any one time, the ease of
migration, and scalability. OIT will likely migrate to 802.11g
to meet eventual demands for greater speed. Campus topology will
probably evolve to extended service set (ESS) when this happens.
With ESS, overlapping broadcast rings will provide roaming from
building to building. As a natural enhancement to the network,
the corrugated metal buildings at OIT act as antennas, sending a
strong Wi-Fi signal throughout the buildings.
An Integrated System at Collegis/Salt Lake Community College
Larry Maughan's team at Collegis/Salt Lake Community College
went to Proactive Network Management Corporation "for
engineering, coordination, and support in integrating [wireless]
into the existing network," says Maughan, director of netcomm
(larry.maughan@slcc.edu). Collegis/Salt Lake is now implementing
VLANs as a solution to conflicts between APs. Future services
will expand to include PDAs (in trial mode now) and soft phones.
As it has for other institutions, 802.11b has been very
reliable for Collegis/Salt Lake. The Cisco LEAP security product
manages security, and all users are required to log on via an
account on the active directory. The only problem seems to arise
from weeding out bad APs. That process will be greatly eased
by the adoption of the Cisco Wireless LAN Solutions Engine
(WLSE), which will allow remote identification, location,
troubleshooting and configuration of APs. In the meantime,
Collegis/Salt Lake has been searching for bad APs manually by
touring the suspect coverage area with wireless laptops upon
notification of the problem to technical support.
John Dunn and Proactive Network Management Corporation helped
Maughan and his group with their wireless deployment. Together
they set up 802.11b coverage for 13 sites including four major
campuses - every room in every building. "We used Cisco ACS
products for the authentication, and then it was tied back into
its closest switch where it also receives its power," says John
Dunn, president of Proactive Network Management (john@pnmc.com).
Maughan and his team did most of the design, and the two
organizations worked together on the site survey and
implementations.
Seeking Security at Bridgewater State
Using Enterasys R2 APs and Cisco switches, director of
telecommunications Patrick Cronin (pcronin@bridgew.edu) and the
Bridgewater State College team set up 802.11a. As the topology
evolves from a simple routed network, Cronin plans for "some
sort of solution to segment the collision domains without
requiring an additional login as you roam." Bridgewater is
considering Bluesocket, Vernier, and other solutions.
As far as security goes, "Right now we don't allow access to our
administrative systems from the wireless network," says Cronin.
However, as Bridgewater comes to rely more and more on the
wireless network, more critical data will be transferred over
it, and security will become more of an issue.
Just like many other institutions today, Bridgewater is
conservative about plans for services in addition to WLAN. It
has taken a glance at 802.11b phones.
Enterasys helped Cronin set up Bridgewater's 802.11a network.
When asked about the topology, John-Paul Gorsky, director,
wireless product line, at Enterasys (gorsky@enterasys.com),
said, "The typical topology you will see is buildings, or floors
in buildings, connecting back to the intermediate distribution
frame on the particular floor." The wireless topology depends a
lot on what the wired topology is - whether the wired networks
on each floor are individual subnets, for example. Roaming works
best on the same subnet.
Conclusion
There are a variety of ways to approach implementation of 802.11
protocols, and a selection of hardware solutions is available.
Flexibility, keeping your options open for the future, seems to
be the secret of success.
Sidebar
The 802.11 standard and the FCC
The FCC doesn't require licenses for any of the 802.11 protocols
and so these are freely used.
"Since the FCC does not require licenses for use of the 2.4 GHz
or the 5.15-5.35 and 5.725-5.875 GHz spectrum bands, companies
may develop products and services according to business plans
that they think will best suit users - subscription, free or
whatever," says Anita Wallgren, attorney at Sidley, Austin,
Brown, and Wood, LLP (awallgren@sidley.com).
Wallgren notes that the FCC does, however, stipulate that
companies obtain Part 15 certification for the APs and
receivers. This is in order to meet power and performance
specifications. The unlicensed spectrum model for 802.11 will
likely continue due in large part to its level of success.
About the author:
David Geer writes for national and international publications
like Computerworld, certain IEEE Computer Society publications
and dozens more. E-mail him at
David@GeerCom.com, call him at 440-964-9832 or visit his Web
site at www.GeerCom.com.
Written by: David Geer