Wireless Thin and Thick? Dave Packham Westnet 2005

Thick AP Traditional AP with smarts Standalone architecture

Thin AP Thin AP only a radio No smarts has to talk to a brain in closet

First Thin AP Spreadsheet in email Trapeze Networks – MX-20 & MX-8 with MP-252 and MP-352 APs. Pros : Includes only functionality that is directly related to wireless technology. This results in a simple solution that is easy to manage and deploy. Also allows granular control of cryptographic settings which allows it to fit in any scenario that may come in the future. Cons : Currently only supports “peer keying”, which can be a security concern if reauthentication doesn't happen frequently enough. Currently lacking in good SNMP support.

Second Thin AP Aruba Networks – 5000 switch with 60 and 70 series APs. Pros : Allows the configuration of using “peer keys” or not. Can handle a large number of APs on a single controller. Cons : Does not allow granular control of cryptographic settings, which may cause difficulties in migrating to better cryptographic options in the future. Both : Provides functionality above and beyond the basic functionality needed for a wireless network. This includes a firewall, wireless IDS, and VPN concentrator. These additional capabilities could prove useful in departments where this functionality is desired. However, having this extra functionality where it is not used will increase the cost, and the chances of difficult to diagnose software problems.

First Thick AP Foundry Networks – Ironpoint 200 Pros : Large operational installed base, while only being slightly behind the technology curve in relation to currently available standards. Can make use of Foundry switches to provide some functionality similar to thin AP solutions. Cons : Difficulties with support causing many problems with incompatibility on campus. Doesn't support WPA2/802.11i.

Second Thick AP Cisco Systems – AP 1200 series Pros : Solid AP with a large, well established company behind it. Cons : Only supports peer keying. Quite far behind the technology curve as it relates to cryptographic capabilities. Doesn't support WPA2/802.11i.

Wireless on our campus Wireless technology is rapidly evolving, and the University must take a stance that allows it to deal with new technologies, and issues. In the near term, it is believed that the campus will begin to embrace better encryption methods that have become available. To this end, while APs were being evaluated, care was taken to look at the ability to support newer cryptographic technologies such as WPA and WPA2/802.11i.

What wouldn’t fit on the other slide These new technologies provide a large number of new configuration options that must be looked at with respect to currently available hardware, and current campus directions. Based on this, the following assumptions were made about the future direction of wireless on campus.

Don't try to stuff round AP’s into square needs?

Fine print Voice over IP on wireless will be a technology that will be of interest to the campus. Most Voice over IP on wireless phones currently only make use of 802.11b wireless radios. Most 802.11b wireless radios only support RC4 encryption. APs must support both TKIP and WEP in order for current generation phones to work on future generation hardware. 802.11i provides additional functionality, including better encryption keying methods, and preauthentication that will be useful in maintaining security of voice and data, and allow roaming from AP to AP to happen more quickly. (Improving AP to AP roaming will be necessary to avoid pauses or other problems with Voice over IP phones.) WPA and/or WPA2 will be deployed on campus in the near future.

SIP Wifi Hitachi IP5000 …….. Ip 128.138.112.162:8080 .. The product offers basic functions similar to existing cell phones. Memorizes up to 200 addresses Displays short messages Vibrating alert (telephone, short messages) The product is developed as wireless LAN terminal equipment and has the following functions needed by system integrators. PING - to check if IP packet has been delivered to a designated address Function for searching wireless LAN access points Function for measuring radio signal strength The "Wireless IP-5000" can be set up and supplied power by connecting it to a personal computer via USB cable. The product is designed to work under various conditions and is easy to operate.

Specifications Call control protocol--SIP Voice encoding method--G.711A-Law/U-Law, G.729A Wireless LAN specification Standard--IEEE802.11b compliant Protocol--CSMA/CA Transmission method Direct Sequence Spread Spectrum Speed--11/5.5/2/1Mbps Radio frequency--2.400~2.497GHz Call time--Continuous call time--Approx. 3:10 hours Continuous stand-by time--Approx. 55 hours Charging time--Approx. 3 hours Dimensions 127(H)×43(W)×20.2(T)mm Weigh--102g Other equipment included--Wireless IP-5000 body, cradle, AC adapter, batteries Option--USB cable (60cm)

Public Safety AP plan UofU Police wants campus wide coverage Start with the doughnuts shops Then cover the whole campus OpenSource AP’s??? Thick/Thin??? St George design and working system

Vehicle Equipment 1 x car… 1 x Soekris 4521 single board computer with 2 pcmcia slots 1 x Wifi card 1 x GPRS cellular card for backup network 1 x 700 mhz ipmobile backup over police band GPS for vehicle tracking and mapping

St George Map

Outdoor AP’s

Antenna Install

St George Coverage

MUST HAVE Lightning Arrestors

Tall Towers == Risk

Questions? Thanks to Washington County Utah for the pictures and initial testing and loss of equipment in lightning arrestor testing… Starting a sourceforge project for this Dave.packham@utah.edu if you want more info