Presentation is loading. Please wait.

Presentation is loading. Please wait.

Overlapping eduroam networks operated by different organizations

Published byDortha Long Modified over 7 years ago

Similar presentations

Presentation on theme: "Overlapping eduroam networks operated by different organizations"— Presentation transcript:

1 Overlapping eduroam networks operated by different organizations
Jan Furman, CESNET TNC 2008, Bruges, 21 May 2008

2 Agenda Introduction, potential problems
Problem description (overlapped eduroam networks) Possible solutions CISCO unified wireless solution overview CESNET’s case study Summary Q & A

3 Introduction One campus with many different organizations
(e.g. universities) Ideal situation: No disturbance between wireless networks in the campus Optimal usage of radio channels and hardware Transparent roaming between organizations must be ensured (eduroam) To maximize signal coverage across whole campus (signal overlapping is unavoidable)

4 Potential problems Radio management (radio channels assignment, radio interference, transmit power, …) Very complicated network management in case of huge amount of access points Problem with overlapping different networks with the same SSID (eduroam) – flapping clients

5 Overlapping problem description

6 Overlapping problem description
This problem is mentioned in the eduroam roaming policy document. * “Overlapping IP-subnets with same SSID is known to be a problem. If this situation occurs the SSIDs of those institutions involved can be changed to 'eduroam-[inst]' (where [inst] is an easily understandable indication of institutions name). If this solution is applied the SSIDs MUST be broadcasted.” * … GN2 JRA5 deliverable DJ5.1.3, part 2: Policy document, chapter [Confederation member level technical requirements], paragraph 12.

7 Possible solution - 1 SSID with organization related extension
(e.g. “eduroam_cesnet”); mentioned in the roaming policy Pros: Easy to implement It solves the problem of flapping client Cons: The beauty of transparent roaming is lost Requires some configuration on the client side

8 Possible solution - 2 Single VLAN across whole campus - all eduroams are terminated to this VLAN, centralized IP address assignment, strong cooperation is necessary Pros: It’s better than nothing Cons: Very complex AP management – unclear competence It don’t solve the problem of client flapping completely Very complex and problematic troubleshooting Huge IP address space is necessary

9 Possible solution - 3 Wireless Lan Controller (WLC) Pros:
Fast handover between APs is ensured (in scope of whole mobility group) Effective management of big amount of APs Automatic control of radio parameters Rogue AP detection It solves the problem of flapping client Cons: High cost Proprietary Centralized solution is provided by many vendors - in this presentation is mentioned only implementation from CISCO.

10 CISCO unified wireless solution - overview
Lightweight APs (conversion from IOS to lightweight) LWAPP tunnel between WLC and AP All “intelligence” is on the WLC – AP is just a “remote radio” This picture originates from

11 CISCO unified wireless solution - overview
WLC is single point of failure – backup is necessary Fast Secure Roaming – handover time is 50 to 100 ms Prerequisites: Cisco Compatible Extensions (CCX) CCXv2 … CCKM is supported for LEAP only CCXv3 … EAP-FAST CCXv4 … other EAPs (EAP-PEAP, EAP-TLS, …) Cisco Centralized Key Management (CCKM) Bug in Windows Vista – CCKM is recognized as WEP protected network Proprietary – CAPWAP is possible solution for interoperability, still in phase of draft

12 Wireless Lan Controller
This picture originates from

13 Wireless Lan Controller
This picture originates from

14 WLC – mobility group This picture originates from

15 Wireless controllers This picture originates from

16 CESNET’s case study

17 CESNET’s case study Each organization (6) has its own controller
One centralized backup controller Each organization has full control over its radio network Radio coverage around whole campus is optimal because it is centrally controlled by WLCs No interferences – radio channels are allocated automatically by WLCs Very good practical experience with this solution

18 CESNET’s case study

19 Summary Description of problem with flapping client – overlapped eduroam networks Possible solutions CISCO unified wireless solution – Wireless Lan Controllers and their application CESNET’s case study

20 Q & A

Download ppt "Overlapping eduroam networks operated by different organizations"

Similar presentations

Anatomy of an 802.11 Wi-Fi Enterprise Wireless LAN Chris De Herrera Pacific Crest Bank Chief Information Officer Webmaster, Tablet PC Talk, CEWindows.NET.

Anatomy of an Wi-Fi Enterprise Wireless LAN Chris De Herrera Pacific Crest Bank Chief Information Officer Webmaster, Tablet PC Talk, CEWindows.NET.
Wireless Technology.

Wireless Technology.
1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.

1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.
1 Wireless LANs – in Academy Curricula Presenter: Gratitude Kudyachete EA - CATC.

1 Wireless LANs – in Academy Curricula Presenter: Gratitude Kudyachete EA - CATC.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Configure a Wireless Router LAN Switching and Wireless – Chapter 7.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.0 Configure a Wireless Router LAN Switching and Wireless – Chapter 7.
The world is going to wireless …. Wireless Networking Part 2 CCNP Switch Hossein Shamloo.

The world is going to wireless …. Wireless Networking Part 2 CCNP Switch Hossein Shamloo.
How secure are 802.11b Wireless Networks? By Ilian Emmons University of San Diego.

How secure are b Wireless Networks? By Ilian Emmons University of San Diego.
Northern Arizona University Wi-Fi 2005 Flagstaff Campus Wireless Plan 4/11/2005.

Northern Arizona University Wi-Fi 2005 Flagstaff Campus Wireless Plan 4/11/2005.
MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.

MITP | Master of Information Technology Program Securing Wireless LAN using Cisco-based technology Campus Crew Study Group Paul Matijevic Ed McCulloch.
This work is supported by the National Science Foundation under Grant Number DUE-0302909. Any opinions, findings and conclusions or recommendations expressed.

This work is supported by the National Science Foundation under Grant Number DUE Any opinions, findings and conclusions or recommendations expressed.
© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialBCMSN 6 - 6 1 Configuring Wireless LANs BCMSN Module 6 Lesson 6.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialBCMSN Configuring Wireless LANs BCMSN Module 6 Lesson 6.
Protected Extensible Authentication Protocol

Protected Extensible Authentication Protocol
D-Link Unified Access Point

D-Link Unified Access Point
Flexible Network Access Overview. Flexible Access an Integral part of Universal Access Policy Universal Access to Campus IT Resources Managed LAN portsFlexible.

Flexible Network Access Overview. Flexible Access an Integral part of Universal Access Policy Universal Access to Campus IT Resources Managed LAN portsFlexible.
Company LOGO WIRELESS DEPLOYMENT A successful solution to Campuswide role-based secure Wi-Fi deployment Andrea Di Fabio – Information Security Officer.

Company LOGO WIRELESS DEPLOYMENT A successful solution to Campuswide role-based secure Wi-Fi deployment Andrea Di Fabio – Information Security Officer.
Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.

Marwan Al-Namari Week 10. RTS: Ready-to-Send. CTS: Clear-to- Send. ACK: Acknowledgment.NAV: network allocation vector (channel access, expected time to.
© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—3-1 Wireless LANs Understanding WLAN Security.

© 2007 Cisco Systems, Inc. All rights reserved.ICND1 v1.0—3-1 Wireless LANs Understanding WLAN Security.
Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.

Chapter 3 Application Level Security in Wireless Network IWD2243 : Zuraidy Adnan : Sept 2012.
Agenda 10:00 11:00 Securing wireless networks 11:00 11:15 Break 11:15 12:00Patch Management in the Enterprise 12:00 1:00 Lunch 1:00 2:30 Network Isolation.

Agenda 10:00 11:00 Securing wireless networks 11:00 11:15 Break 11:15 12:00Patch Management in the Enterprise 12:00 1:00 Lunch 1:00 2:30 Network Isolation.
© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 IT Essentials PC Hardware and Software 4.1 Instructional Resource Chapter.

© 2008 Cisco Systems, Inc. All rights reserved.Cisco ConfidentialPresentation_ID 1 IT Essentials PC Hardware and Software 4.1 Instructional Resource Chapter.

Similar presentations

Ads by Google