Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.swan.ac.uk/lis. 802.1X Deployment with SU1X By Gareth Ayres.

Published byAmari Penny Modified over 10 years ago

Similar presentations

Presentation on theme: "Www.swan.ac.uk/lis. 802.1X Deployment with SU1X By Gareth Ayres."— Presentation transcript:

1 www.swan.ac.uk/lis

2 802.1X Deployment with SU1X By Gareth Ayres

3 www.swan.ac.uk/lis Agenda 1.0Quick Introduction 2.0Wireless and Eduroam at Swansea 3.0The Problems 4.0The Solutions 5.0Our solution: SU1X 6.0SU1X Demo?

4 www.swan.ac.uk/lis 1.0 Quick Introduction Gareth Ayres Wireless Network Officer, Swansea University –Development of wireless network and other networking stuff –Part of the original LIN JRS trials –Member supplicant group –Member 802.1x SIG group PhD Student (unrelated) FIFA Assistant Referee (sorry!)

5 www.swan.ac.uk/lis 2.0 Wireless at Swansea: 2004 2004-2005 4 RoamNode Servers (VPN & PPPOE) 250 Autonomous access points ~800 unique users / day

6 2.0 Wireless at Swansea: 2004

7 www.swan.ac.uk/lis 2.0 Wireless at Swansea: 2004

8 www.swan.ac.uk/lis 2.1 Wireless at Swansea: 2007 2007-2008 10 RoamNode Servers (VPN servers) 700 Autonomous access points Setup Wireless Network ~2300 unique users / day

9 2.1 Wireless at Swansea: 2007

10

11 www.swan.ac.uk/lis 2.1 Wireless at Swansea: 2007

12 www.swan.ac.uk/lis 2.1 Wireless at Swansea: 2007

13 www.swan.ac.uk/lis 2.2 Wireless at Swansea: 2009 2009-2010 0 RoamNode Servers ~850 Lightweight access points 4 Cisco WiSM’s ~3000 unique users / day 1 WPA eduroam SSID, 1 open setup SSID

14 2.2 Wireless at Swansea: 2009

15

16

17 www.swan.ac.uk/lis 2.2 Wireless at Swansea: 2009

18 www.swan.ac.uk/lis 2.2 Wireless at Swansea: 2009

19 www.swan.ac.uk/lis 3.0 The Problems Problems with a 802.1X Wireless Networks: 1.Design Problems (Initial problem) 2.Support Problems (Everlasting problem)

20 www.swan.ac.uk/lis 3.1 The Problems: Design Is 802.1X wireless complicated? WPA or WPA2 + EAP (PEAP [with EAP-MS-CHAPv2 or EAP- TLS] or TTLS [with MSCHAPv2 or TLS or PAP)) with certificates + back end authentication (LDAP or AD or Novel e- directory) + RADIUS (FreeRadius or Cisco ACS or Radiator or IAS) * Different client implementations = Confusion Yes it is...

21 www.swan.ac.uk/lis 3.1 The Problems: Design But... Its not that complicated when you get used to the acronyms and understand the fundamentals. Design directly affects future support needs. Design... Beyond the scope of this presentation Swansea = WPA/WPA2+PEAP/TTLS+FreeRadius+LDAP/e-dir

22 www.swan.ac.uk/lis 3.3 The Problem: Support This time, it really is Microsoft's fault! Well, all OS developers, Cisco and Juniper’s fault. A little bit... Supplicant is the biggest support issue Microsoft = PEAP = 69% of clients OSX = PEAP or TTLS = 7% Linux = PEAP or TTLS = 7%

23 www.swan.ac.uk/lis 4.0 The Solutions: Supplicants Supplicants: Microsoft = free with OS OSX = free with OS WPA_Supplicant (Linux) = Open Source Cisco / AEGIS = Closed shop Juniper / Odyssey = $$$ SecureW2 = $$$

24 www.swan.ac.uk/lis 4.1 The Solutions: Supplicants IEEE 802.1X = Open Architecture Any EAP type should work Supplicant should be free, easily configurable and deployable Big companies owning supplicants with their own agendas OS developers should provide good supplicants. Shouldn't have to pay to configure OS supplicants

25 www.swan.ac.uk/lis 4.2 The Solutions: OpenSEA OpenSEA – JANET UK Supplicant Group Were hoping to use Open1X for all OS’s in 2009. OpenSEA not ready. Either pay for XpressConnect or SecureW2 or deal with native OS supplicants.

26 www.swan.ac.uk/lis 4.3 The Solutions: Manual Configuration Faced with Manual Configuration: 4000 users need to be set up in a few days Takes ~4 mins for IT Staff to do manual configuration Too complicated for users 4000 * 4 = 16000 mins = 266 hours = tired IT Support Staff

27 www.swan.ac.uk/lis 5.0 Our Solution: SU1X Windows XP (SP3), Vista and Win7 Supplicants are OK. Some issues, but not show stopping. Configuration and certificate distribution difficult WLANAPI allows for wireless control and configuration Deployed from open setup SSID upon registration SU1X = Tool that uses wlanapi to configure Microsoft supplicants

28 www.swan.ac.uk/lis 5.1 Our Solution: SU1X Features SU1X Features: Automation of configuration of a PEAP wireless connection XP(SP3),Vita and Win 7 EAP credentials without additional user interaction Installation of a certificate (silent) Checks for WPA2 compatibility Third party supplicant check SSID removal and priority

29 www.swan.ac.uk/lis 5.1 Our Solution: SU1X Features

30 www.swan.ac.uk/lis 5.2 Our Solution: SU1X Support Additional Features: Support tab: Checks: adapter, wzc service, profile presence, IP Outputs check results to user with tooltip bubble and/or to file Printer tab to add/remove networked printer Wireless Printing = Income

31 www.swan.ac.uk/lis 5.3 Our Solution: SU1X Future Possible Future Features: Remove capture tool and use config file only Send problem report emails LDAP credential checks via HTTPS to PHP

32 www.swan.ac.uk/lis 5.4 Our Solution: Did it work?

33 www.swan.ac.uk/lis 5.6 Our Solution: JANET UK In collaboration with JANET UK and Loughborough Grateful for help with certificate installation, testing and documentation from Loughborough SU1X is Open Source http://su1x.sourceforge.net/ http://www.ja.net/services/authentication-and- authorisation/janet-roaming/su1x.htmlhttp://www.ja.net/services/authentication-and- authorisation/janet-roaming/su1x.html

34 www.swan.ac.uk/lis 6.0 Demo? Demo or Screen Shots?

35 www.swan.ac.uk/lis SU1X - Setup Tool

36 www.swan.ac.uk/lis SU1X - Support Tool

37 www.swan.ac.uk/lis Thank You – Any Questions? Gareth Ayres g.j.ayres@swansea.ac.uk

Download ppt "Www.swan.ac.uk/lis. 802.1X Deployment with SU1X By Gareth Ayres."

Similar presentations

Inter WISP WLAN roaming

Inter WISP WLAN roaming
Authentication.

Authentication.
automated single login access to Novell storage resources

automated single login access to Novell storage resources
Securing Your Wireless Network

Securing Your Wireless Network
Security Features in Microsoft® Windows® XP James Noyce, Senior Consultant Security Solutions Team, Business Critical Services Microsoft Security Solutions,

Security Features in Microsoft® Windows® XP James Noyce, Senior Consultant Security Solutions Team, Business Critical Services Microsoft Security Solutions,
Securing Wireless LANs A Windows Server 2003 Certificate Services Solution Ian Hellen – Principal Consultant Stirling Goetz – Principal Consultant.

Securing Wireless LANs A Windows Server 2003 Certificate Services Solution Ian Hellen – Principal Consultant Stirling Goetz – Principal Consultant.
Joining eduroam Wireless Roaming for Education and Research.

Joining eduroam Wireless Roaming for Education and Research.
Www.lsntap.org Legal Services National Technology Assistance Project.

Legal Services National Technology Assistance Project.
The most comprehensive Oracle applications & technology content under one roof Upgrading to Oracle EPM 11.1.2 — A Real Life Experience Erica Harris Senior.

The most comprehensive Oracle applications & technology content under one roof Upgrading to Oracle EPM — A Real Life Experience Erica Harris Senior.
Wyse Thin OS Technical Training

Wyse Thin OS Technical Training
Untangle and OpenVPN.

Untangle and OpenVPN.
Physics Network Integration Chris Hunter. Physics network team Chris Hunter : Network Manager David Newton : Network Support Technician Room DWB 663 Phone.

Physics Network Integration Chris Hunter. Physics network team Chris Hunter : Network Manager David Newton : Network Support Technician Room DWB 663 Phone.
Physics Network Integration Chris Hunter. Physics network team Chris Hunter : Network Manager David Newton : Network Support Technician Room DWB 663 Phone.

Physics Network Integration Chris Hunter. Physics network team Chris Hunter : Network Manager David Newton : Network Support Technician Room DWB 663 Phone.
Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June 22 2005 Licia Florio.

Licia Florio EUNIS05, Manchester 1 Eduroam EUNIS Conference, June Licia Florio.
Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.

Wireless LAN  Setup & Optimizing Wireless Client in Linux  Hacking and Cracking Wireless LAN  Setup Host Based AP ( hostap ) in Linux & freeBSD  Securing.
CSD-Team 13 Oasis v.2. Introduction Oasis v.1 ISPs share access network Security Choice for end-users Compatible with legacy systems Problems with the.

CSD-Team 13 Oasis v.2. Introduction Oasis v.1 ISPs share access network Security Choice for end-users Compatible with legacy systems Problems with the.
Wireless and Switch Security NETS David Mitchell.

Wireless and Switch Security NETS David Mitchell.
Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference 2006 9 th November, 2006.

Eduroam – Roam In a Day Louis Twomey, HEAnet Limited HEAnet Conference th November, 2006.
Wireless Security without a VPN! Stirling Goetz, Microsoft Consulting Services.

Wireless Security without a VPN! Stirling Goetz, Microsoft Consulting Services.
Swansea: When eduroam doesn't fit By Gareth Ayres Gregynog Colloquium Conf 2011.

Swansea: When eduroam doesn't fit By Gareth Ayres Gregynog Colloquium Conf 2011.

Similar presentations

Ads by Google